Help please? - Malwarebytes found 15 Trojan Dropper from Gimp
OnAndUp
Posts: 981 Forumite


Hello again!
I was hoping to leave you techie folks in peace for a while but then something else happened!! :eek:
I had that system tool problem and with help got rid of it. Anyway, since I got rid of it I have run Malwarebytes again and it never found anything. As I'm more wary than usual I ran it again last night after going on eBay. It found 15 things all connected to GIMP, which I do have but haven't used/opened for months.
When I googled it I came across a couple of messages about the same issue that maybe it's a false positive?
http://forums.malwarebytes.org/index.php?showtopic=77127
Can someone please have a look at it?
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5967
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
06/03/2011 00:51:30
mbam-log-2011-03-06 (00-51-30).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 259034
Time elapsed: 3 hour(s), 51 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\alien-map.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\cartoon.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\cubism.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\file-csource.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\file-gbr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\file-html-table.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\help.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\oilify.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\file-sgi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\fractal-trace.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\noise-solid.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\photocopy.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\polar-coords.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\ripple.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\van-gogh-lic.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
THANKS!
"Things can only get better.................c/o D:Ream #The 90's"
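As an added example (not part of the original thread and not Malwarebytes' own tooling), this sketch parses the detection lines of a log in the format posted above and groups them by detection name and folder. The first three sample lines are copied from the log; the last is constructed to exercise a path containing parentheses. A single name-and-folder group is a detail worth giving when reporting a suspected false positive, but it does not by itself show the files are clean.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# First three hit lines are copied from the log above; the last line is
# constructed to exercise a path that itself contains parentheses.
SAMPLE_LOG = r"""Files Infected: 15
Files Infected:
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\alien-map.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\cartoon.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\cubism.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files (x86)\Example\tool.exe (Example.Detection) -> No action taken.
"""

# Line shape: <drive path> (<detection name>) -> <action>.
HIT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)


def parse_hits(log_text):
    """Return a dict per detection line; counters and headers do not match."""
    hits = []
    for line in log_text.splitlines():
        match = HIT.match(line.strip())
        if match:
            hits.append(match.groupdict())
    return hits


def group_hits(hits):
    """Map (detection name, lower-cased folder) -> sorted file names."""
    groups = defaultdict(list)
    for hit in hits:
        key = (hit["name"], dirname(hit["path"]).lower())
        groups[key].append(basename(hit["path"]))
    return {key: sorted(names) for key, names in groups.items()}


if __name__ == "__main__":
    for (name, folder), files in group_hits(parse_hits(SAMPLE_LOG)).items():
        print(f"{name}: {len(files)} file(s) in {folder}")
        for file_name in files:
            print(f"  {file_name}")
```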

Comments
-
I would guess it is a false positive.
The best place to report this would be the MBAM forum. There is however already a topic on this:
http://forums.malwarebytes.org/index.php?showtopic=77127
D'oh!! You already saw the topic :doh:
-Scott-
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!” Richard Feynman
-
you need to run this
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
now and post that log file
Ex forum ambassador
Long term forum member
-
It's likely to be a false positive, which is unusual for MBAM imo. No harm in deleting it if you aren't even using the program.
Looks like MBAM have been alerted,
in the meantime you can test the files for yourself with other scanners at sites like these:
http://virusscan.jotti.org/en-gb Jotti's malware scan
http://www.virustotal.com/ Virus total
Keep in mind that the results don't necessarily tell you anything - they all might be behind with their detections, or they might all have the same reason for giving a false positive. Case in point, a large proportion of scanners at both sites felt that a file downloaded from Steam was a trojan, but it was a false positive.
-
Thanks everyone! I am just going to leave it for now and assume it was a false positive, it looks (to me!) like someone from malwarebytes? has replied on their forum saying it's fixed now?
http://forums.malwarebytes.org/index.php?showtopic=77127
I can't seem to run combofix, it always crashes and bluescreens my pc
"Things can only get better.................c/o D:Ream #The 90's"
This discussion has been closed.